[Opendnssec-user] Different TTL used in full and partial audit.
Göran Bengtson
goeran at chalmers.se
Wed Jan 11 09:52:29 UTC 2012
The call to key_tracker.process_key_data have different parameters
in auditor.rb and partial_auditor.rb. If I remember correct, there was
a bug-fix that corrected the TTL used to verify key usage/state-
transitions. Howver, I don't think the fix made it info the partial
auditor.
In the 1.3-branch:
fgrep process_key_data auditor/lib/kasp_auditor/*auditor.rb
auditor/lib/kasp_auditor/auditor.rb: @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.keys.ttl)
auditor/lib/kasp_auditor/partial_auditor.rb: @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.soa.ttl)
The partial auditor still use the SOA TTL, not the DNSKEY TTL.
/ Göran Bengtson
Chalmers Univ. of Technology
More information about the Opendnssec-user
mailing list